Personal Video Dl

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video downloader, but it can automatically install or update yt-dlp during normal use without a clear confirmation step.

Review before installing. Use it only if you are comfortable with a skill that fetches media from external sites, writes potentially large files locally, and may install or upgrade yt-dlp in the current Python environment. Safer use would be to preinstall a trusted, pinned yt-dlp version in an isolated environment and avoid playlist or batch downloads unless you intend the storage and network use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print("📦 正在安装 yt-dlp...")
    try:
        # Try installing with pip
        subprocess.run([sys.executable, '-m', 'pip', 'install', '-U', 'yt-dlp'], 
                      check=True, capture_output=True)
        print("✅ yt-dlp 安装成功")
        return True
Confidence
88% confidence
Finding
subprocess.run([sys.executable, '-m', 'pip', 'install', '-U', 'yt-dlp'], check=True, capture_output=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes capabilities that require file reads, network access, and shell/package installation behavior, but the skill does not declare corresponding permissions. This creates a transparency and consent problem: an agent or user may invoke the skill without understanding that it can access local files (batch URL input), reach external sites, and execute shell-adjacent install commands, increasing the risk of unintended data exposure or unsafe execution.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Auto-installing `yt-dlp` through `pip` gives the skill package-management behavior that is broader than its declared purpose and can modify the host environment without explicit administrative approval. This creates supply-chain exposure and increases the blast radius if package sources, mirrors, or the runtime environment are compromised.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger examples include broad natural-language phrases such as “下载视频” ("download video") and “帮我下载这个视频” ("help me download this video"), which are common everyday utterances and can cause accidental or over-broad invocation. In a skill with network and file-handling behavior, overly generic triggers raise the chance the agent routes unrelated requests into a downloader workflow, potentially causing unintended external requests or file operations.

VirusTotal

66/66 vendors flagged this skill as clean.
